Re: [syzbot] [jffs2] kernel BUG in jffs2_del_ino_cache

All of lore.kernel.org
 help / color / mirror / Atom feed

From: syzbot <syzbot+44664704c1494ad5f7a0@syzkaller.appspotmail.com>
To: linux-kernel@vger.kernel.org, syzkaller-bugs@googlegroups.com,
	 tristmd@gmail.com
Subject: Re: [syzbot] [jffs2] kernel BUG in jffs2_del_ino_cache
Date: Fri, 17 Apr 2026 05:47:02 -0700	[thread overview]
Message-ID: <69e22bc6.a00a0220.1bd0ca.0002.GAE@google.com> (raw)
In-Reply-To: <20260417101247.2492008-1-tristmd@gmail.com>

Hello,

syzbot has tested the proposed patch but the reproducer is still triggering an issue:
WARNING in jffs2_del_ino_cache

------------[ cut here ]------------
WARNING: fs/jffs2/nodelist.c:462 at jffs2_del_ino_cache+0x247/0x2d0 fs/jffs2/nodelist.c:462, CPU#0: syz-executor.0/5271
Modules linked in:
CPU: 0 UID: 0 PID: 5271 Comm: syz-executor.0 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
RIP: 0010:jffs2_del_ino_cache+0x247/0x2d0 fs/jffs2/nodelist.c:462
Code: 3c 24 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d e9 4e f8 2c 08 e8 39 b9 a5 fe 49 39 df 75 92 e9 42 ff ff ff e8 2a b9 a5 fe 90 <0f> 0b 90 e9 fe fd ff ff 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 36
RSP: 0018:ffffc9000387fa30 EFLAGS: 00010293
RAX: ffffffff831b67d6 RBX: ffff88807d8cdec0 RCX: ffff88802b6b9ec0
RDX: 0000000000000000 RSI: ffff88807d8cdec0 RDI: ffff88807cade000
RBP: 0000000000000006 R08: ffff88807cade363 R09: 1ffff1100f95bc6c
R10: dffffc0000000000 R11: ffffed100f95bc6d R12: ffff88807d8cdec0
R13: dffffc0000000000 R14: ffff88807d8cdee0 R15: ffff88807cade000
FS:  000055558eb524c0(0000) GS:ffff888126b49000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffe1dbb7d10 CR3: 000000007a0a0000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 jffs2_do_clear_inode+0x31e/0x390 fs/jffs2/readinode.c:1443
 evict+0x61e/0xb10 fs/inode.c:841
 dispose_list fs/inode.c:883 [inline]
 evict_inodes+0x75a/0x7f0 fs/inode.c:937
 generic_shutdown_super+0xaa/0x2d0 fs/super.c:632
 kill_mtd_super+0x23/0x70 drivers/mtd/mtdsuper.c:174
 jffs2_kill_sb+0x96/0xb0 fs/jffs2/super.c:350
 deactivate_locked_super+0xbc/0x130 fs/super.c:476
 cleanup_mnt+0x437/0x4d0 fs/namespace.c:1312
 task_work_run+0x1d9/0x270 kernel/task_work.c:233
 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]
 __exit_to_user_mode_loop kernel/entry/common.c:67 [inline]
 exit_to_user_mode_loop+0xed/0x480 kernel/entry/common.c:98
 __exit_to_user_mode_prepare include/linux/irq-entry-common.h:207 [inline]
 syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:238 [inline]
 syscall_exit_to_user_mode include/linux/entry-common.h:328 [inline]
 do_syscall_64+0x33e/0xf80 arch/x86/entry/syscall_64.c:100
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f23f406ea17
Code: a2 c7 05 e8 94 11 00 00 00 00 00 eb 96 e8 f1 09 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 d0 ff ff ff f7 d8 64 89 02 b8
RSP: 002b:00007ffe1dbb8368 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
RAX: 0000000000000000 RBX: 00007f23f40ce3ef RCX: 00007f23f406ea17
RDX: 0000000000000000 RSI: 000000000000000a RDI: 00007ffe1dbb8420
RBP: 00007ffe1dbb8420 R08: 00007ffe1dbb9420 R09: 00000000ffffffff
R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe1dbb94e0
R13: 00007f23f40ce3ef R14: 0000000000016f5d R15: 0000000000000003
 </TASK>


Tested on:

commit:         43cfbdda Merge tag 'for-linus-iommufd' of git://git.ke..
git tree:       https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
console output: https://syzkaller.appspot.com/x/log.txt?x=12ae41ba580000
kernel config:  https://syzkaller.appspot.com/x/.config?x=ef989e593e72d81
dashboard link: https://syzkaller.appspot.com/bug?extid=44664704c1494ad5f7a0
compiler:       Debian clang version 21.1.8 (++20251221033036+2078da43e25a-1~exp1~20251221153213.50), Debian LLD 21.1.8
patch:          https://syzkaller.appspot.com/x/patch.diff?x=179c78ce580000

next      parent reply	other threads:[~2026-04-17 12:47 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20260417101247.2492008-1-tristmd@gmail.com>
2026-04-17 12:47 ` syzbot [this message]
     [not found] <177651701031.737093.12574765940269571633@gmail.com>
2026-04-18 13:57 ` [syzbot] [jffs2] kernel BUG in jffs2_del_ino_cache syzbot
     [not found] <177644291920.3792332.17582976522190204583@talencesecurity.com>
2026-04-17 20:05 ` syzbot
2024-04-03 14:13 [syzbot] [jffs2?] " syzbot
2024-04-03 14:13 ` syzbot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=69e22bc6.a00a0220.1bd0ca.0002.GAE@google.com \
    --to=syzbot+44664704c1494ad5f7a0@syzkaller.appspotmail.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=tristmd@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.